Linux VPS as a firewall and load balancer

dcb1101
I'd like to have a firewall and load balancer, but they're expensive. Can I get a third VPS and use it as a firewall and load balancer? I know it is possible, but what are the pros/cons?
 

jordantyj
I installed a firewall on my VPS, but I disabled it because I found that my website loads slowly with the firewall on.

Why did that happen?
 

RDO Servers
Was this a physical firewall, or a software firewall (iptables) running on the same VPS?

Most likely it was either a configuration problem, your VPS not having the resources to handle both tasks, or you receiving a lot of malicious traffic that the firewall was having to filter out, or was unable to. Did you contact your host for help? What was their response?
 

jordantyj
You're right, I installed the iptables firewall.

Does it stop DDoS attacks or malicious traffic? I disabled it because my site had problems loading after I installed it.
 

RDO Servers
A firewall will have very little effect on mitigating a DDoS attack. You can set a firewall to block certain offending IPs, but think about the amount of traffic a DDoS attack can generate. If your VPS/firewall is on a 100Mbps or even a 1Gbps port, you are still going to get kicked offline when hit with a DDoS that exceeds your port speed. DDoS attacks today are hitting the 400Gbps range!

A firewall will block some malicious traffic; that is the whole point of a firewall. The most important part is blocking all ports that do not need to be open globally.

Firewalls can be a bit tricky to get set up properly if you're not familiar with them. A poorly configured firewall can hurt your performance and still leave you unprotected.
 

RDO Servers
You absolutely can use a Linux server as a load balancer and a firewall.

For the firewall, use iptables.
For load balancing, use nginx or HAProxy.

The main benefit of using a VPS or a server instead of a dedicated firewall/LB is the price. A good Cisco firewall and a LoadMaster LB will set you back thousands of dollars to purchase, or a couple hundred dollars a month to lease.

Now for the downsides:
You can run your firewall on your one VPS. The whole reason to have a dedicated firewall is to offload the work to a separate machine, rather than letting the extra tasks consume resources on your primary machine. You can set up a VPS as a firewall to handle this for you, but consider the resources you have on the VPS. If it is low on resources and maxing out, it will certainly slow things down and potentially crash under a higher load.

The same applies to load balancing. If you are running a VPS as a firewall and LB, what kind of load does this create? Also, make sure your firewall, LB, and web server VPSes are on different physical machines. If you have both VPSes on the same physical server, the load balancer is moot, since it won't have anything to redirect traffic to if the server goes down.
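As an added example (not code from this thread or from any of the posters), here is a small shell helper that writes the HAProxy configuration for the load-balancer VPS described above: HTTP on port 80 spread round-robin over two or more backend web servers, each actively health-checked so a backend that goes down stops receiving traffic. The backend addresses 10.0.0.11 and 10.0.0.12 (RFC 1918), the /healthz probe path and the haproxy user/group are placeholders assumed for the example.

```shell
# Added example, not code from the thread. Writes an HAProxy configuration for
# the load-balancer VPS: HTTP on port 80 spread round-robin over two or more
# backend web servers, each actively health-checked so a dead backend is taken
# out of rotation. Usage:
#   gen_haproxy_cfg /healthz 10.0.0.11:80 10.0.0.12:80 > /etc/haproxy/haproxy.cfg
# The backend addresses (RFC 1918), the /healthz probe path and the haproxy
# user/group are placeholders assumed for the example.

gen_haproxy_cfg() {
    probe=$1
    shift
    if [ $# -lt 2 ]; then
        echo "gen_haproxy_cfg: need at least two backends; with one there is nothing to fail over to" >&2
        return 1
    fi
    cat <<EOF
global
    log /dev/log local0
    maxconn 4096
    user haproxy
    group haproxy
    daemon

defaults
    mode http
    log global
    option httplog
    option dontlognull
    # idle and slow clients are cut off instead of holding connections open
    timeout connect 5s
    timeout client 30s
    timeout server 30s
    timeout http-request 10s

frontend web_in
    bind *:80
    # pass the real client address on, so backend logs and blocklists see it
    option forwardfor
    default_backend web_pool

backend web_pool
    balance roundrobin
    # probe each backend every 3s; 3 failures remove it, 2 successes restore it
    option httpchk GET $probe
    default-server inter 3s fall 3 rise 2
EOF
    n=0
    for addr in "$@"; do
        n=$((n + 1))
        echo "    server web$n $addr check"
    done
}

# Offline sanity check for a config on stdin (haproxy -c -f FILE is the real
# one): every "server" line must carry "check", and there must be at least two.
check_haproxy_cfg() {
    awk '
        BEGIN { bad = 0; servers = 0 }
        /^[[:space:]]*server[[:space:]]/ {
            servers++; ok = 0
            for (i = 2; i <= NF; i++) if ($i == "check") ok = 1
            if (!ok) { bad = 1; print "no health check: " $0 }
        }
        END { if (servers < 2) { bad = 1; print "fewer than two backends" } exit bad }
    '
}
```

Run the real syntax check with `haproxy -c -f haproxy.cfg` before reloading; the awk check only catches the two mistakes that defeat the point of a load balancer, a backend with no health check and a single backend with nothing to fail over to. As the post says, put the backends on different physical hosts, otherwise one hardware failure takes them all out of rotation at once.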
 

RDO Servers
I am not familiar with Stamius specifically, but there are quite a few cloud-based DDoS protection services out there. Most of them do not publicise their exact network limits, but will have plans that protect against different levels of attack.

There are two types of DDoS protection:
Hardware-based. Dedicated hardware and specific software to analyze and filter attack traffic. It lets the good traffic through and blocks the bad traffic. This can still eat up your bandwidth allocation and is limited to the port speed you are on.

Cloud-based. This uses a network of geographically diverse servers that all of your traffic is routed through, either by your DNS or by a BGP tunnel. Cloud services are able to filter a much larger attack because they can spread the load across multiple servers. Think 400Gbps on 1 server, or 1Gbps on 400 servers.

If you are looking for budget DDoS protection, check out Cloudflare. I wouldn't consider them the best, but it is a good option, and you can even start with a free account. We have them integrated into our control panel to make it easier for customers to set up their hosting to use Cloudflare DNS and DDoS protection.

Start with a free Cloudflare account and play around with their settings and protection limits. It's not foolproof (nothing is!), but I have seen some good results.
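Two of the posts above come down to the same ruleset: the earlier firewall post (open only the ports that must be reachable globally, and put the rules in an order that does not slow the box down) and this one (once traffic is routed through a cloud service such as Cloudflare, the origin should accept web traffic only from that service's published address ranges, or anyone who finds the origin IP bypasses the filtering entirely). The helper below is an added example, not code from the thread or from any poster. The networks 203.0.113.0/24 and 198.51.100.0/24 are RFC 5737 documentation ranges standing in for a management network and a proxy's ranges; the real ranges come from the provider's list (Cloudflare publishes them at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6), not from anything typed here.

```shell
# Added example, not code from the thread. Emits a default-deny iptables ruleset
# in iptables-restore(8) format. Each argument is PORT (open to everyone) or
# PORT@CIDR[,CIDR...] (open only to those sources); everything else hits the
# INPUT chain's DROP policy. Review the output, then load it with:
#   gen_ruleset 22@203.0.113.0/24 80 443 | iptables-restore        # public LB
#   gen_ruleset 22@203.0.113.0/24 80@198.51.100.0/24 443@198.51.100.0/24 \
#       | iptables-restore                                         # origin behind a proxy
# 203.0.113.0/24 and 198.51.100.0/24 are RFC 5737 documentation ranges used
# here as stand-ins for a management network and a proxy's published ranges.

gen_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and return traffic first: the bulk of packets match here after a
# single conntrack lookup, so the per-port rules below are not evaluated for
# every packet of an established connection.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# ICMP errors tied to a connection (e.g. fragmentation-needed, which path MTU
# discovery relies on) are RELATED and already accepted; echo is rate-limited.
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
EOF
    for spec in "$@"; do
        port=${spec%%@*}
        case $spec in
            *@*) srcs=${spec#*@} ;;
            *)   srcs= ;;
        esac
        if [ -z "$srcs" ]; then
            printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        else
            # one rule per allowed source network
            printf '%s\n' "$srcs" | tr ',' '\n' | while read -r cidr; do
                printf '%s\n' "-A INPUT -p tcp --dport $port -s $cidr -m conntrack --ctstate NEW -j ACCEPT"
            done
        fi
    done
    cat <<'EOF'
# Log a sample of what the policy drops; unthrottled logging during a flood is
# itself a way to slow the machine down.
-A INPUT -m limit --limit 2/minute -j LOG --log-prefix "FW-DROP "
COMMIT
EOF
}

# Sanity check for a ruleset on stdin (generated above, or the live one from
# iptables-save): fails if the INPUT policy is not DROP, or if any INPUT ACCEPT
# rule is not narrowed by a port, a connection state, loopback, or ICMP.
check_ruleset() {
    awk '
        BEGIN { bad = 0 }
        /^:INPUT / && $2 != "DROP" { bad = 1; print "INPUT policy is " $2 ", not DROP" }
        /^-A INPUT / && /-j ACCEPT/ && !/--dport/ && !/--ctstate/ && !/-i lo/ && !/-p icmp/ {
            bad = 1; print "wide-open ACCEPT: " $0
        }
        END { exit bad }
    '
}
```

Pipe `iptables-save` through `check_ruleset` on a box whose firewall "didn't help" and it will usually point at one of the two usual culprits: a policy left at ACCEPT, or a catch-all ACCEPT rule added while debugging. For the origin behind a proxy, apply the same idea to IPv6 with `ip6tables-restore` and the provider's v6 list, otherwise the AAAA record is the way around the filter.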
 